[Rt-commit] r13595 - in rt/3.8/trunk: . share/html/Dashboards share/html/Dashboards/Elements t/web
sartak at bestpractical.com
sartak at bestpractical.com
Wed Jun 25 18:29:18 EDT 2008
Author: sartak
Date: Wed Jun 25 18:29:18 2008
New Revision: 13595
Modified:
rt/3.8/trunk/ (props changed)
rt/3.8/trunk/lib/RT/Dashboard.pm
rt/3.8/trunk/share/html/Dashboards/Elements/Tabs
rt/3.8/trunk/share/html/Dashboards/Modify.html
rt/3.8/trunk/share/html/Dashboards/index.html
rt/3.8/trunk/t/web/dashboards.t
Log:
r63240 at onn: sartak | 2008-06-25 18:28:30 -0400
Refactor _PrivacyObjects so it can be used to figure out which dashboards the user can read or write
Modified: rt/3.8/trunk/lib/RT/Dashboard.pm
==============================================================================
--- rt/3.8/trunk/lib/RT/Dashboard.pm (original)
+++ rt/3.8/trunk/lib/RT/Dashboard.pm Wed Jun 25 18:29:18 2008
@@ -219,32 +219,43 @@
}
# _PrivacyObjects: returns a list of objects that can be used to load
-# dashboards from. Unlike SavedSearch, this will return the System object if
-# applicable. You may pass in a paramhash of ShowSystem to force
-# showing/hiding of the System object
+# dashboards from. If the Write parameter is true, then check write rights.
+# Otherwise, check read rights.
sub _PrivacyObjects {
my $self = shift;
my %args = @_;
+ my ($local_right, $system_right) = $args{Write}
+ ? ('ModifyDashboard', 'SuperUser')
+ : ('SeeDashboard', undef);
+
my $CurrentUser = $self->CurrentUser;
- my @objects = $CurrentUser->UserObj;
+ my @objects;
+
+ push @objects, $CurrentUser->UserObj
+ if $self->CurrentUser->HasRight(
+ Right => $local_right,
+ Object => $RT::System,
+ );
my $groups = RT::Groups->new($CurrentUser);
$groups->LimitToUserDefinedGroups;
$groups->WithMember( PrincipalId => $CurrentUser->Id,
Recursively => 1 );
- push @objects, @{ $groups->ItemsArrayRef };
+ push @objects, grep {
+ $self->CurrentUser->HasRight(
+ Right => $local_right,
+ Object => $_,
+ )
+ } @{ $groups->ItemsArrayRef };
- # if ShowSystem, always show it
- # if not ShowSystem, then show only if the user didn't specify AND the
- # current user is superuser
push @objects, RT::System->new($CurrentUser)
- if $args{ShowSystem}
- || (!defined($args{ShowSystem})
- && $CurrentUser->HasRight(Object => $RT::System,
- Right => 'SuperUser'));
+ unless $system_right && !$CurrentUser->HasRight(
+ Object => $RT::System,
+ Right => $system_right,
+ );
return @objects;
}
Modified: rt/3.8/trunk/share/html/Dashboards/Elements/Tabs
==============================================================================
--- rt/3.8/trunk/share/html/Dashboards/Elements/Tabs (original)
+++ rt/3.8/trunk/share/html/Dashboards/Elements/Tabs Wed Jun 25 18:29:18 2008
@@ -95,7 +95,10 @@
$tabs->{"A"} = { title => loc('Select dashboard'),
path => "Dashboards/index.html" };
-if ($session{'CurrentUser'}->HasRight(Right => 'ModifyDashboard', Object => $RT::System)) {
+my $dashboard = RT::Dashboard->new($session{'CurrentUser'});
+my @objects = $dashboard->_PrivacyObjects(Write => 1);
+
+if (@objects) {
$tabs->{"B"} = { title => loc('New dashboard'),
path => "Dashboards/Modify.html?Create=1",
separator => 1 };
Modified: rt/3.8/trunk/share/html/Dashboards/Modify.html
==============================================================================
--- rt/3.8/trunk/share/html/Dashboards/Modify.html (original)
+++ rt/3.8/trunk/share/html/Dashboards/Modify.html Wed Jun 25 18:29:18 2008
@@ -86,7 +86,7 @@
use RT::Dashboard;
my $Dashboard = RT::Dashboard->new($session{'CurrentUser'});
-my @privacies = $Dashboard->_PrivacyObjects;
+my @privacies = $Dashboard->_PrivacyObjects(Write => 1);
my $can_delete = $session{'CurrentUser'}->HasRight(Right => 'DeleteDashboard', Object => $RT::System);
Modified: rt/3.8/trunk/share/html/Dashboards/index.html
==============================================================================
--- rt/3.8/trunk/share/html/Dashboards/index.html (original)
+++ rt/3.8/trunk/share/html/Dashboards/index.html Wed Jun 25 18:29:18 2008
@@ -73,7 +73,7 @@
my $title = loc("Dashboards");
use RT::Dashboard;
-my @objs = RT::Dashboard->new($session{CurrentUser})->_PrivacyObjects(ShowSystem => 1);
+my @objs = RT::Dashboard->new($session{CurrentUser})->_PrivacyObjects;
my $dashboards = $m->comp("/Dashboards/Elements/DashboardsForObjects", Objects => \@objs);
my @actions;
Modified: rt/3.8/trunk/t/web/dashboards.t
==============================================================================
--- rt/3.8/trunk/t/web/dashboards.t (original)
+++ rt/3.8/trunk/t/web/dashboards.t Wed Jun 25 18:29:18 2008
@@ -1,7 +1,7 @@
#!/usr/bin/perl -w
use strict;
-use Test::More tests => 68;
+use Test::More tests => 71;
use RT::Test;
my ($baseurl, $m) = RT::Test->started_ok;
@@ -41,13 +41,19 @@
$m->follow_link_ok({text => "New dashboard"});
$m->form_name('ModifyDashboard');
$m->field("Name" => 'different dashboard');
-$m->content_lacks('Delete', "Delete button hidden because we lack DeleteDashboard");
+$m->content_lacks('Delete', "Delete button hidden because we are creating");
$m->click_button(value => 'Save Changes');
$m->content_lacks("No permission to create dashboards");
$m->content_contains("Saved dashboard different dashboard");
+$m->content_lacks('Delete', "Delete button hidden because we lack DeleteDashboard");
+
+$m->get_ok($url."Dashboards/index.html");
+$m->content_lacks("different dashboard", "we lack SeeDashboard");
+
+$user_obj->PrincipalObj->GrantRight(Right => 'SeeDashboard');
$m->get_ok($url."Dashboards/index.html");
-$m->content_contains("different dashboard");
+$m->content_contains("different dashboard", "we now have SeeDashboard");
$m->follow_link_ok({text => "different dashboard"});
$m->content_contains("Basics");
More information about the Rt-commit
mailing list